BlackHart

Sablier

MITHRIL

Token Streaming · Multi-chain · $100M+ TVL · 10 contracts

Official site: sablier.com

874
Confidence: 78%
Z-Factor: 0.88
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 90
Economic: 92
Oracle: 95
Compos.: 85
Govern.: 82
Maturity: 85
Resilience: 50
Supply Ch.: 90
OpSec: 66
Cascade: 100

Min: 50 · Avg: 84 · Max: 100

Audit History

Cantina: 2024-05
CodeHawks: 2023-11

Bug Bounty Program

$100,000 max payout on Cantina

Assessment

Clean, focused token streaming protocol. Simplicity is its greatest security asset - no oracles, no flash loans, straightforward math. D5 penalized for lack of formal governance, D6 for V2's relative youth. V1's 7-year org history helps.

Dimension Breakdown

Access Control
Weight 18% · 88% confidence
Score: 90
+22 Minimal admin surface - stream creation is permissionless
+22 Cancel/withdraw controls per-stream by sender/recipient
+22 NFT representation of streams (ERC-721)
+22 No global admin or pause mechanism in V2
Economic Soundness
Weight 13% · 90% confidence
Score: 92
+23 Linear, cliff, and dynamic streaming curves
+23 Math is straightforward (time-proportional release)
+23 No flash loan surface, no yield generation
+23 Economic model is simple and well-understood
Oracle Integrity
Weight 13% · 95% confidence
Score: 95
+24 No external oracle dependency whatsoever
+24 Time-based streaming uses block.timestamp only
+24 No price feeds, no TWAP, no external data
+24 Simplest possible temporal model
Battle-Tested Maturity
Weight 12% · 78% confidence
Score: 85
+17 V2 live since mid-2023 (24 months)
+17 V1 live since 2019 (7 years org history)
+17 Zero exploits across any version
+17 Multiple audits (Cantina, CodeHawks)
Governance & Upgradeability
Weight 10% · 72% confidence
Score: 82
+20 Small team governance, no token, no DAO
+20 Multisig for protocol admin (minimal admin needed)
+20 Deployment decisions by core team
+20 No formal governance framework
Adversarial Resilience (redacted)
Weight 10% · 30% confidence
Score: 50
  • Maximum resilience under independent adversarial testing
  • Comprehensive security coverage across all attack surfaces
  • Mature codebase with extensive battle testing
  • No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10% · 60% confidence
Score: 66
-34 No branch protection detected
+11 Active CI/CD (100% success rate)
+11 Commit signing: 100% verified
+11 Strong PR review culture (77% reviewed)
Compositional Risk
Weight 5% · 82% confidence
Score: 85
+21 Limited composability - NFT streams can be traded
+21 No deep external protocol dependencies
+21 Minimal integration surface by design
+21 Lockup and Flow contracts are self-contained
Cascade Exposure
Weight 5% · 50% confidence
Score: 100
+33 Member of 1 dependency cluster(s)
+33 No cross-protocol cascade exposure detected
+33 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 88% confidence
Score: 90
+22 Minimal dependencies (PRBMath, OpenZeppelin)
+22 Clean Solidity codebase
+22 Verified on all deployment chains
+22 Professional build and test pipeline

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Adversarial Resilience · 50 · +41.2 potential
Operational Security · 66 · +24.3 potential · No branch protection detected
Governance & Upgradeability · 82 · +11.5 potential · Small team governance, no token, no DAO
Battle-Tested Maturity · 85 · +11.3 potential · V2 live since mid-2023 (24 months)
Access Control · 90 · +11 potential · Minimal admin surface - stream creation is permissionless

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2019-12-14 · 10 dimensions
Provenance Ledger: methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:c...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "sablier"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("sablier")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/sablier?variant=card&theme=dark"
  title="BlackHart Risk Index: Sablier"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>